A targeted attack sent emails loaded with malware to representatives of 16 European countries and some Asian governments, security researchers said.
The bogus emails said they were from China’s defense ministry and contained a malicious attachment that exploited a now-patched vulnerability in Microsoft Office versions 2003 to 2010, said Jonathan Leopando, a technical communications specialist with Trend Micro.
Microsoft patched the vulnerability in Office, CVE-2012-0158, more than a year ago, although attackers still frequently target it, Leopando said.
If the victim opens the email attachment on an unpatched computer, a “backdoor” program is installed that steals website login credentials and email credentials from Internet Explorer and Microsoft Outlook, Leopando said.
The stolen information then goes to two IP addresses in Hong Kong, although those servers have since shut down, he said.
The targets of the attack would suggest that hackers were looking for victims in the diplomatic community. Leopando said similar emails also went out to some Chinese media organizations.
“The topic of the email — and the attached document — would be of interest to these targets,” Leopando said. “In addition, the information stolen and where it was stolen from is very consistent with targeted attacks aimed at large organizations that use corporate mainstays like Internet Explorer and Outlook.”